VYPR

Android SDK

by Google

CVEs (1,772)

  • CVE-2022-20219MedJul 13, 2022
    risk 0.36cvss 5.5epss 0.00

    In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2022-20206MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for…

  • CVE-2022-20200MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2022-20143MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2022-20129MedJun 15, 2022
    risk 0.36cvss 5.5epss 0.00

    In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not…

  • CVE-2022-20115MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User…

  • CVE-2022-20112MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction…

  • CVE-2022-20011MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39700MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39670MedMay 10, 2022
    risk 0.36cvss 5.5epss 0.00

    In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39791MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In WallpaperManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction…

  • CVE-2021-39788MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In TelecomManager, there is a possible way to check if a particular self managed phone account was registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User…

  • CVE-2021-39779MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39778MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telecomm, there is a possible way to determine whether an app is installed, without query permissions, due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39777MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39775MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In People, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2021-39774MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID:…

  • CVE-2021-39773MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In VpnManagerService, there is a possible disclosure of installed VPN packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:…

  • CVE-2021-39770MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Framework, there is a possible disclosure of the device owner package due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-39769MedMar 30, 2022
    risk 0.36cvss 5.5epss 0.00

    In Device Policy, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…

Page 65 of 89